CVE-2009-2617
BaoFeng Storm 3.9.62 - '.Playlist' File Buffer Overflow (PoC)
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file.
Desbordamiento de búfer basado en pila en medialib.dll en BaoFeng Storm v 3.9.62, permite a atacantes remotos la ejecución de código de su elección a través de un nombre de ruta largo en el atributo "source" de un elemento "item" en un archivo de lista de reproducción .smpl.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-05-28 First Exploit
- 2009-07-27 CVE Reserved
- 2009-07-27 CVE Published
- 2024-09-16 CVE Updated
- 2024-10-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (5)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/33059 | 2009-05-28 | |
http://marc.info/?l=full-disclosure&m=124624413120440&w=2 | 2024-09-16 | |
http://marc.info/?l=full-disclosure&m=124627617220913&w=2 | 2024-09-16 | |
http://www.securityfocus.com/bid/35512 | 2024-09-16 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/35592 | 2009-07-27 |